SunOS and shared libraries, security aspects
David Waitzman
djw at bbn.com
Tue Sep 4 07:22:28 AEST 1990
guy at auspex.auspex.com (Guy Harris) writes:
} 1) "rsh" and "rlogin" use super-user privileges to get "privileged"
} ports, not to change your uid; "rshd" and "rlogind"...
I occasionally write and distribute programs that need to use raw IP
sockets, roughly the same thing, protection-wise, as a program using
"privileged" ports. I dislike needing to run the programs set-uid root
(or by root) just to do this one special privileged thing.
How do you all feel about the practice of using a special group that
allows one to access privileged ports or raw IP sockets? The programs
can then just be run setgid to that group. The kernel socket opening
code would then allow the opening of privileged or raw sockets to
either user==root or groups includes "priv_socket_group".
Would vendors support this? We don't have access to Sun kernel source
code anymore here.
I understand that some people may have objections to the piece-meal
addition of finer-granularity access rights to Unix.
thanks,
-david
More information about the Comp.unix.internals
mailing list